Hot-wallet breach drains ~$35M in 15 minutes — CEX security and real-time detection under spotlight

A major South Korean centralized exchange suffered a hot-wallet compromise that released hundreds of rapid transactions within roughly 15 minutes, draining about ₩44.5B (~$33–35M) across dozens of tokens. The exchange paused withdrawals and managed to freeze roughly half the stolen funds (notably ≈₩23B in LAYER), but the remainder is unrecoverable. Chainalysis attributes the incident to a compromised hot-wallet signing flow rather than a smart-contract bug or user error.

Key signals included multiple wallets being driven to zero, a jump from near-zero withdrawal activity to ~80 large withdrawals in 15 minutes, and burst transfers across many asset types. Attackers then used AMMs to swap stolen assets into harder-to-freeze tokens. Chainalysis highlights mitigation tools, namely Hexagate’s Wallet Compromise Detection Kit (real-time balance/burst/unknown-recipient detection and ML models) and GateSigner (pre-signature simulation and blocking/escalation), that can flag anomalies in the earliest malicious transactions and block suspicious signing flows.

The report warns that CEX and custodian breaches are rising as attackers target complex, multi-chain hot-wallet infrastructures; rapid detection, signature-pipeline controls and automated responses (withdrawal halts, cold-wallet evacuation, coordinated freezes) can limit losses and reduce systemic contagion. For traders: expect short-term volatility in affected tokens (especially those frozen or heavily swapped), renewed market scrutiny on exchange security, and potential regulatory or custodial changes that could affect liquidity and withdrawal protocols.
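The three signals named in the summary (a withdrawal burst, transfers across many asset types, and multiple wallets driven toward zero) can each be checked with a 15-minute sliding window over the withdrawal stream. The sketch below is an added example, not code from Chainalysis, Hexagate or the exchange; the thresholds, the wallet and token names and the sample events are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

WINDOW_S = 15 * 60   # window length, matching the ~15-minute drain in the report
MAX_COUNT = 20       # assumed per-window withdrawal ceiling
MAX_ASSETS = 5       # assumed per-window distinct-token ceiling
DRAIN_RATIO = 0.05   # assumed: a position at <=5% of its starting balance is "drained"

@dataclass
class Withdrawal:
    ts: int          # seconds
    wallet: str
    asset: str
    amount: float

def first_alerts(events, balances):
    """Map each signal name to the timestamp at which it first fires."""
    live, window, fired = dict(balances), deque(), {}
    for ev in sorted(events, key=lambda e: e.ts):
        window.append(ev)
        while window[0].ts <= ev.ts - WINDOW_S:   # expire events older than the window
            window.popleft()
        key = (ev.wallet, ev.asset)
        live[key] = live.get(key, 0.0) - ev.amount
        # Wallets holding at least one position that has fallen to the drain threshold.
        drained = {w for (w, a), bal in live.items()
                   if balances.get((w, a), 0) > 0 and bal <= DRAIN_RATIO * balances[(w, a)]}
        checks = {
            "burst": len(window) > MAX_COUNT,
            "multi_asset": len({e.asset for e in window}) > MAX_ASSETS,
            "multi_wallet_drain": len(drained) >= 2,
        }
        for name, hit in checks.items():
            if hit:
                fired.setdefault(name, ev.ts)     # keep only the first firing time
    return fired

def constructed_events():
    """Constructed sample: six quiet hourly withdrawals, then 80 in under 15 minutes."""
    quiet = [Withdrawal(h * 3600, "hot-0", "TOK0", 10.0) for h in range(6)]
    t0 = 6 * 3600
    burst = [Withdrawal(t0 + i * 11, f"hot-{i % 4}", f"TOK{i % 8}", 120.0) for i in range(80)]
    return quiet + burst

def constructed_balances():
    """Constructed starting balances: 1260 units in each (wallet, token) position."""
    return {(f"hot-{j % 4}", f"TOK{j}"): 1260.0 for j in range(8)}

if __name__ == "__main__":
    print(first_alerts(constructed_events(), constructed_balances()))
```

On this constructed data the asset-diversity and rate signals fire on the 6th and 21st burst withdrawals, while the balance-drain signal does not fire until the 74th. A balance-only monitor would therefore alert after most of the funds had already moved.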
Bearish
Short-term market impact is likely bearish for the specific tokens directly involved. A hot-wallet drain of ~$33–35M with active AMM swaps reduces available circulating supplies of certain tokens and increases sell pressure as attackers swap into less-freezable assets. Tokens that were frozen may see sharp volatility and temporary illiquidity. Traders often react to exchange breaches by withdrawing funds, reducing order-book depth and increasing spreads on affected assets. In the medium term, the broader market reaction could be neutral to mixed as exchanges and custodians implement stronger signing controls and detection (which restores confidence), but for the immediately mentioned tokens (including LAYER and other drained assets) expect downward pressure until the situation stabilizes and liquidity returns. Regulatory scrutiny and tightened withdrawal controls could further constrain short-term liquidity, prolonging negative price pressure.